From 67a6d8712f1ec3a43dc5bcf7ffa471c19b0e218e Mon Sep 17 00:00:00 2001
From: Fred Barclay
Date: Fri, 2 Jun 2017 18:36:46 -0500
Subject: [PATCH] Added Catfish profile
---
 README | 1 +
 README.md | 2 +-
 RELNOTES | 2 +-
 etc/catfish.profile | 31 +++++++++++++++++++++++++++++++
 etc/disable-programs.inc | 1 +
 platform/debian/conffiles | 1 +
 src/firecfg/firecfg.config | 3 ++-
 7 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 etc/catfish.profile
diff --git a/README b/README
index d9171b68a..22f835a10 100644
--- a/README
+++ b/README
@@ -187,6 +187,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
 - added mousepad, qpicview, and cvlc profiles
 - added BibleTime profile
 - added caja and galculator profiles
+ - added Catfish profile
 G4JC (http://sourceforge.net/u/gaming4jc/profile/)
 - ARM support
 - profile fixes
diff --git a/README.md b/README.md
index 7df356357..594dd92e8 100644
--- a/README.md
+++ b/README.md
@@ -76,4 +76,4 @@ The plan is to have all bittorrent clients whitelisted in the next release.**
 ## New profiles
-vym, darktable, Waterfox, digiKam
+vym, darktable, Waterfox, digiKam, Catfish
diff --git a/RELNOTES b/RELNOTES
index 7b779fc22..e67f2dbd7 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -5,7 +5,7 @@ firejail (0.9.47) baseline; urgency=low
 * modifs: AppArmor made optional; a warning is printed on the screen if the sandbox fails to load the AppArmor profile
 * added /etc/firejail/globals.local for global customizations
- * new profiles: vym, darktable, Waterfox, digiKam
+ * new profiles: vym, darktable, Waterfox, digiKam, Catfish
 * bugfixes
 -- netblue30 Tue, 23 May 2017 08:00:00 -0500
diff --git a/etc/catfish.profile b/etc/catfish.profile
new file mode 100644
index 000000000..e0039a042
--- /dev/null
+++ b/etc/catfish.profile
@@ -0,0 +1,31 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/catfish.local
+
+# Firejail profile for catfish
+noblacklist ~/.config/catfish
+
+# We can't blacklist much since catfish
+# is for finding files/content
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+net none
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+shell none
+tracelog
+
+# These options work but are disabled in case
+# a users wants to search in these directories.
+#private-bin bash,catfish,env,locate,ls,mlocate,python,python2,python2.7,python3,python3.5,python3.5m,python3m
+#private-dev
+#private-tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index f2cf99188..4d975a8ae 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -62,6 +62,7 @@ blacklist ${HOME}/.config/borg
 blacklist ${HOME}/.config/brasero
 blacklist ${HOME}/.config/brave
 blacklist ${HOME}/.config/caja
+blacklist ${HOME}/.config/catfish
 blacklist ${HOME}/.config/cherrytree
 blacklist ${HOME}/.config/chromium
 blacklist ${HOME}/.config/chromium-dev
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index cc7453ae7..094134494 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -32,6 +32,7 @@
 /etc/firejail/brasero.profile
 /etc/firejail/brave.profile
 /etc/firejail/caja.profile
+/etc/firejail/catfish.profile
 /etc/firejail/cherrytree.profile
 /etc/firejail/chromium-browser.profile
 /etc/firejail/chromium.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 044f07c95..73d47a142 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
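Review bot: The new etc/catfish.profile restricts no writes: after `include /etc/firejail/disable-devel.inc` the profile itself carries no `read-only`, `blacklist` or `whitelist` line, so the sandboxed process appears to keep write access to the whole home directory, shell startup files and autostart entries included. `net none`, `seccomp` and `caps.drop all` limit egress and privileges but not that. Since the tool is for finding files, consider `read-only ${HOME}` followed by `read-write ${HOME}/.config/catfish`, after testing that catfish still works and that any file actions it offers from the results list can be given up. If a writable home is intentional, state it in the comment above the include, e.g. `# NOTE: home stays fully readable and writable inside this sandbox`. The last comment block also has a typo, `a users wants`.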
@@ -1,5 +1,5 @@
 # /usr/lib/firejail/firecfg.config - firecfg utility configuration file
-# This is the list of programs in alfabetical order handled by firecfg utility
+# This is the list of programs in alphabetical order handled by firecfg utility
 #
 0ad
 2048-qt
@@ -23,6 +23,7 @@ bless
 blender
 brasero
 brave
+catfish
 cherrytree
 chromium
 chromium-browser